Google Workspace - SAML

Before you begin

Retrieve the SSO URL and Entity ID Identifier from Google Workspace.

About this task

This task shows you how to configure your identity provider using Google Workspace - SAML.

Procedure

  1. Select Onboarding.
    The welcome window displays.
  2. Select Secure Hybrid Access [Secure Application Access or Secure Network Access].
    The Identity Provider window displays with ExtremeCloud Universal ZTNA.
  3. Select Next.
    The Onboarding window displays.
  4. Select link to review the comprehensive tutorial on creating a SAML-based SSO in Google Workspace.
  5. Follow the ExtremeCloud Universal ZTNA instructions.
  6. Enter the SSO URL.
  7. Enter the Entity ID Identifier.
  8. Upload the SAML Signing Certificate you downloaded from Azure.

    The UI instructions explain how to upload the certificate.

  9. Follow the Configure Service Provider Details instructions.
  10. Follow the Attribute Mapping instructions.
  11. Select Secure Network Access > Sync Users > User Groups.
  12. (Optional) Select All Domains or Custom and enter the domain.
    If you select Custom, fill in the approved domains. Applicable for network and application access.
  13. Select Validate Information.
    A message in the upper right corner confirms the validation test passed.
  14. Select Update.
    Update Identity Provider pop-up window displays. This message cautions you that the Identity Provider change logs out current workspace users.
  15. If you decide to continue, select Confirm.
  16. Select Next.
    The Onboarding - Access Groups window displays.
  17. Configure Access Groups.
  18. Configure Resources.
  19. Configure Applications and Application Groups.
    You can skip this step if you are using Secure Network Access.
  20. Configure Policies.

Results

Your onboarding is complete. Your users, applications, and devices can now access the network securely.